The Board’s Responsibility for Information Technology Governance

32 Pages. Posted: 22 Oct 2011. Last revised: 24 Dec 2017.

Lawrence J. Trautman

Prairie View A&M University - College of Business; Texas A&M University School of Law (By Courtesy)

Kara Altenbaumer-Price

U.S.I.

Date Written: December 17, 2010

Abstract

Few enterprise operational areas present as much inherent risk or prove as difficult to govern as Information Technology (“IT”). To be successful, IT governance requires enterprise commitment at the very top. Boards and executive management need to extend governance, already exercised over the enterprise, to IT by way of an effective IT governance framework that addresses strategic alignment, performance measurement, risk management, value delivery, and resource management. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives. Simply put, IT governance and the effective application of an IT governance framework are the responsibilities of the board of directors and executive management. An IT governance framework, such as Control Objectives for Information and related Technology (COBIT), can be a critical element in ensuring proper control and governance over information and the systems that create, store, manipulate and retrieve it. But these risks do not have to be shouldered by the company alone. Many can be transferred to or shared with insurance.

Every Governance and Nominating Committee must assess its current inventory of director skill sets to require IT expertise. One choice will be to have and include IT expertise within a dedicated Risk Committee. Best practice for many will dictate that an audit committee include IT expertise and be composed of a qualified vice chairman, familiar with the company’s particular audit issues by virtue of experience gained from audit committee service. This will help provide an instant replacement for the committee chair should unexpected developments require it. Therefore, every board should have at least two qualified financial experts populating the audit committee and seek IT expertise and experience in director recruitment to help avoid and address the costly private and regulatory lawsuits related to cyber issues that are increasingly facing companies. Every board’s challenge in addressing IT risk is ongoing vigilance and recognition of the mission-critical nature of Information Technology to the enterprise.

Keywords: Audit Committee, Business Continuity Planning, Business Judgment Rule, Chief Information Officer, Corporate Governance, Cybersecurity, Disaster Recovery, Disclosure, Dodd-Frank, Duty of Care Loyalty, E-Commerce, Enterprise Systems, Hacking, Information Architecture, Information Security, Privacy,

JEL Classification: C88, G34, G38, H56, K22, K42, L21, L86, M10, O30, O32, O33, O38

Suggested Citation

Trautman, Lawrence J. and Altenbaumer-Price, Kara, The Board’s Responsibility for Information Technology Governance (December 17, 2010). John Marshall Journal of Computer & Information Law, Vol. 29, p. 313, 2011, Available at SSRN: https://ssrn.com/abstract=1947283

Lawrence J. Trautman (Contact Author)

Prairie View A&M University - College of Business

Prairie View, TX
United States

Texas A&M University School of Law (By Courtesy)

1515 Commerce St.
Fort Worth, TX Tarrant County 76102
United States

Kara Altenbaumer-Price

U.S.I.

1445 Ross Avenue
Ste 4200
Dallas, TX 75202
United States
2144433127 (Phone)